package com.ssps.front.tenant2.config;


import com.ssps.front.tenant2.utils2.MyHandlerExceptionResovler;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.realm.jdbc.JdbcRealm;
import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.HandlerExceptionResolver;

import javax.sql.DataSource;
import java.util.HashMap;
import java.util.Map;

/**
 * @Author: peng
 */
@Configuration
public class ShiroConfig {
    @Bean
    public HashedCredentialsMatcher hcm() {
        HashedCredentialsMatcher hcm = new HashedCredentialsMatcher();
        hcm.setHashAlgorithmName("MD5");
        hcm.setHashIterations(1024);

        return hcm;
    }

    @Bean
    public JdbcRealm realm(DataSource dataSource) {
        JdbcRealm jdbcRealm = new JdbcRealm();
        jdbcRealm.setDataSource(dataSource);

        //重写SQL
        //认证
        jdbcRealm.setAuthenticationQuery("select pwd,salt from user where phone = ?");

        //根据用户名查询角色
        jdbcRealm.setUserRolesQuery("SELECT rname FROM user_role ur INNER JOIN user u ON ur.`uid` = u.`uid` INNER JOIN role r ON ur.rid = r.rid AND u.phone = ?");

        //根据角色名查询权限
        jdbcRealm.setPermissionsQuery("SELECT pname FROM role_permission rp INNER JOIN role r ON rp.`rid` = r.`rid` INNER JOIN permission p ON rp.`pmid` = p.`pmid` AND rname = ?");

        //支持权限查询（必须配置该项，否则无法判断用户拥有的角色是否拥有某个权限）
        jdbcRealm.setPermissionsLookupEnabled(true);

        //设置加密
        jdbcRealm.setSaltStyle(JdbcRealm.SaltStyle.COLUMN);
        jdbcRealm.setCredentialsMatcher(hcm());


        return jdbcRealm;
    }

    @Bean
    public DefaultWebSecurityManager securityManager(JdbcRealm jdbcRealm) {
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        securityManager.setRealm(jdbcRealm);
        return securityManager;
    }

    @Bean
    public ShiroFilterFactoryBean shiroFilterFactoryBean(DefaultWebSecurityManager securityManager) {
        ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();

        shiroFilterFactoryBean.setLoginUrl("/tenant/index2.html");
        shiroFilterFactoryBean.setUnauthorizedUrl("/view/unauthorized");
        shiroFilterFactoryBean.setSecurityManager(securityManager);
        Map<String, String> map = new HashMap<>();

        map.put("/exit", "logout");
//        map.put("/auth/login", "anon");
//        map.put("/view/user", "roles[admin]");
//        map.put("/view/car", "roles[guest]");
            map.put("/**", "anon");
//        map.put("/auth2/login2","anon");
//        map.put("/**", "authc");
        shiroFilterFactoryBean.setFilterChainDefinitionMap(map);

        return shiroFilterFactoryBean;
    }

    @Bean
    public AuthorizationAttributeSourceAdvisor getAuthorizationAttributeSourceAdvisor(DefaultWebSecurityManager securityManager) {
        AuthorizationAttributeSourceAdvisor aasa = new AuthorizationAttributeSourceAdvisor();
        aasa.setSecurityManager(securityManager);

        return aasa;
    }

    @Bean
    public HandlerExceptionResolver getHandlerExceptionResolver(){
        return new MyHandlerExceptionResovler();
    }
}
